FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-3765

This CVE name corresponds to:

Entered Topic
2010-10-28 mozilla -- Heap buffer overflow mixing document.write and DOM insertion

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-3765
Phase Assigned (20101005)

Description

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

References

Source Reference
EXPLOIT-DB 15341
EXPLOIT-DB 15342
EXPLOIT-DB 15352
MISC http://isc.sans.edu/diary.html?storyid=9817
MISC http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
MISC http://www.norman.com/security_center/virus_description_archive/129146/
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
MISC http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
CONFIRM http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=607222
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=646997
CONFIRM http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
CONFIRM http://support.avaya.com/css/P8/documents/100114329
CONFIRM http://support.avaya.com/css/P8/documents/100114335
CONFIRM http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
DEBIAN DSA-2124
FEDORA FEDORA-2010-17105
FEDORA FEDORA-2010-16883
FEDORA FEDORA-2010-16885
FEDORA FEDORA-2010-16897
MANDRIVA MDVSA-2010:213
MANDRIVA MDVSA-2010:219
REDHAT RHSA-2010:0809
REDHAT RHSA-2010:0810
REDHAT RHSA-2010:0808
REDHAT RHSA-2010:0812
REDHAT RHSA-2010:0861
REDHAT RHSA-2010:0896
SLACKWARE SSA:2010-305-01
UBUNTU USN-1011-3
UBUNTU USN-1011-1
UBUNTU USN-1011-2
BID 44425
OVAL oval:org.mitre.oval:def:12108
SECTRACK 1024650
SECTRACK 1024651
SECTRACK 1024645
SECUNIA 41966
SECUNIA 41969
SECUNIA 42008
SECUNIA 42043
SECUNIA 41761
SECUNIA 41965
SECUNIA 41975
SECUNIA 42003
SECUNIA 42867
VUPEN ADV-2010-2871
VUPEN ADV-2010-2837
VUPEN ADV-2010-2857
VUPEN ADV-2010-2864
VUPEN ADV-2011-0061